package com.github.roc.security.config;

import com.github.roc.security.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * 描述: 浏览器配置
 * 包名: com.github.roc.security.config
 * 作者: ChenGuop.
 * 日期: 2018/10/18 下午2:44.
 * 项目名称: security-oam
 * 版本: 1.0
 * JDK: since 1.8
 */
//@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
//  @Autowired
//  private SecurityProperties securityProperties;
  @Bean
  public PasswordEncoder passwordEncoder(){
   return new BCryptPasswordEncoder();
  }
  protected void configure(HttpSecurity http) throws Exception {
    http
//            .httpBasic()
            .formLogin()
            .loginPage("/login.html")
            .loginProcessingUrl("/authentication/form")
            .and()
            .authorizeRequests()//授权请求
            .antMatchers("/login.html","/authentication/form").permitAll()//允许请求
            .anyRequest()//所有请求
            .authenticated()//都需要认证
            .and()
    .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .clearAuthentication(true)
            .and()
            .csrf().disable();
  }
}
